EFF in the News
The NSA has lost some terrorists because of their adoption of strong encryption, but the agency is supportive of the use of the technology, it's top lawyer said. Glenn Gerstell, general counsel of the National Security Agency, speaking at the Cambridge Cyber Summit at MIT in Cambridge, Massachusetts, said the NSA sees ISIS terrorists using end-to-end encryption, and that has prevented the agency from finding out the key information about those bad actors.
Privacy advocate Cindy Cohn, executive director of the Electronic Frontier Foundation, listed some of the methods the government may use when encryption blocks access to information shared by suspects. "We know they purchase vulnerabilities and don't tell the companies their systems are vulnerable," she said.
The tech giant known for its laptops and printers made a controversial decision to quietly trigger a digital lock in the September firmware update. After the update, any customer who attempted to print with a non-HP cartridge would deactivate the printer and receive a cartridge replacement warning. The printer would not resume working until an HP brand cartridge was inserted.
"We should have done a better job of communicating about the authentication procedure to customers, and we apologize," HP said in a corporate blog post last Thursday.
According to the Tuesday report, Yahoo acceded to a 2015 government directive to give email access to the National Security Agency or the FBI. Reuters cited anonymous sources including two former employees and another person with knowledge of the events. Yahoo continues to face questions about a breach in 2014 that compromised at least 500 million accounts.
Yahoo secretly built software in 2015 that let it search the incoming emails of its hundreds of millions of users on behalf of the U.S. government, Reuters reported Tuesday.
“They secretly scanned everything you ever wrote, far beyond what law requires. Close your account today,” tweeted Edward Snowden, the former National Security Agency contractor who leaked details about the government’s surveillance programs in 2013.
“The Fourth Amendment implications are staggering,” tweeted Andrew Crocker, a staff attorney with the Electronic Frontier Foundation, a California-based digital rights group.
A major distributed-denial-of-service (DDoS) attack on cybersecurity blog Krebs on Security reminded technology users that faulty Internet of Things (IOT) security makes all of our devices and appliance vulnerable. But some manufacturers may not be willing to spend money to make their appliances more secure, said Electronic Frontier Foundation (EFF) Senior Staff Attorney Lee Tien. For a company designing a new fitness tracker, "it would be a lot easier and a lot cheaper to design it without having storage and all sorts of things that people think they should have," Tien said.
According to a document obtained by The Intercept, your blue-bubbled texts do leave behind a log of which phone numbers you are poised to contact and shares this (and other potentially sensitive metadata) with law enforcement when compelled by court order. Andrew Crocker, an attorney with the Electronic Frontier Foundation (EFF), said the document prompted further questions: “How often are lookups performed? Does opening [an iMessage] thread cause a lookup? Why is Apple retaining this information?”.
The charge was taken up by the Electronic Freedom Foundation, a San Francisco-based group that takes stands against government surveillance and other tech-policy matters. The group on Monday sent a letter to Dion Weisler, HP’s chief executive, arguing in part that HP’s action could cause customers to become wary of software updates that are increasingly important to improve security.
“By giving tens of millions of your customers a reason to mistrust your updates, you’ve put them at risk of future infections that could compromise their business and home networks, their sensitive data, and the gadgets that share their network with their printers, from baby monitors to thermostats,” wrote Cory Doctorow, an EFF special adviser.
The EFF, which has long criticized the way companies use various forms of digital rights management technology, began an online petition asking readers to demand that “HP make amends for its self-destructing printers.” It has received more than 10,000 signatures, said Elliot Harmon, who holds the title of activist at the group.
HP did apologize for its poor communication about the firmware update and promised to be more "transparent" in the future. But that alone won't satisfy the Electronic Frontier Foundation, which called on HP for a public commitment to never again use its software update process "to distribute anti-features that work against [HP] customers' interests."
The EFF told Ars today that it's glad to hear about the firmware update, but it wants to know what HP's plans are for informing users. "Today, the vast majority of people who use the affected printers do not know why their printers lost functionality, nor do they know that it’s possible to restore it," EFF Activist Elliot Harmon said. "All of those customers should be able to use their printers free of artificial restrictions, not just the relatively few who have been closely following this story."
“You must be aware that this decision has shocked and angered your customers,” wrote Cory Doctorow of the Electronic Frontier Foundation (EFF) in an open letter, in which he suggested steps HP should take to “begin to repair the damage it has done to its reputation and the public’s trust.”
Doctorow added that HP’s customers should be able to choose the ink they put in their printers in much the same way Cuisinart toaster owners can choose their bread. He criticized the company for sneaking the functionality onto printers via what purported to be a security update, arguing that if people mistrust security updates, they might leave their product vulnerable to attack.
Mitch Stoltz (@mitchstoltz) is a Senior Staff Attorney at the Electronic Frontier Foundation. Mitch works on cases where free speech and innovation collide with copyright and trademark law. His current projects include improving the legal environment for mobile software developers and tinkerers, fighting the use of copyright as a tool for censorship, litigation on the copyright status of mandatory safety codes, and legal analysis in the field of Internet television and video. Mitch also counsels clients on Internet video technology and open source software licensing.